|
Home > Archive > Web Servers on Unix and Linux > February 2005 > Routing problem? What is it?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Routing problem? What is it?
|
|
| Shabam 2005-02-21, 8:48 pm |
| I'm running Fedora 2 + Apache 2. The server has two NICs going to two
different networks, one is 192.168.0.10 and the other is 10.0.0.10. The
192.168.0.10 card connects to my DSL router, which interfaces with the
public. The 10.0.0.10 connects to an internal LAN.
To add to this, my ISP is blocking port 80, meaning I had to configure
Apache to run on another port. I've put it at port 82 instead. On my
router I've configured all traffic to port 82 be routed to this web server.
I've also mapped a domain name test123.com to my public IP, which is
111.222.111.222 (made up).
Now, when I type in http://111.222.111.222:82/ I'm getting a browser time
out. However when I type in http://192.168.0.10:82/ it is responding. The
funny thing is, http://111.222.111.222:82/ has worked before, but
sporadically. I've also tried going to http://111.222.111.222:82/ from
within the web server and it's timing out there as well.
In http.conf I have this:
Listen *:82
So my question is, why is this happening? I'm not able to figure this out
as there are no error logs anywhere to look at. Could it be that the web
server is trying to route packets back out via the 10.0.0.x network instead?
I remember before I added that second IP, it used to work.
| |
| David Efflandt 2005-02-22, 2:46 am |
| On Mon, 21 Feb 2005 16:59:26 -0800, Shabam <chalupa@yomama-nospam.com> wrote:
> I'm running Fedora 2 + Apache 2. The server has two NICs going to two
> different networks, one is 192.168.0.10 and the other is 10.0.0.10. The
> 192.168.0.10 card connects to my DSL router, which interfaces with the
> public. The 10.0.0.10 connects to an internal LAN.
>
> To add to this, my ISP is blocking port 80, meaning I had to configure
> Apache to run on another port. I've put it at port 82 instead. On my
> router I've configured all traffic to port 82 be routed to this web server.
>
> I've also mapped a domain name test123.com to my public IP, which is
> 111.222.111.222 (made up).
>
> Now, when I type in http://111.222.111.222:82/ I'm getting a browser time
> out. However when I type in http://192.168.0.10:82/ it is responding. The
> funny thing is, http://111.222.111.222:82/ has worked before, but
> sporadically. I've also tried going to http://111.222.111.222:82/ from
> within the web server and it's timing out there as well.
"type in" from where? What mfr/model router? Many routers do not do
loopback (LAN2LAN via WAN IP). You should test it from an internet host,
or dialup PPP from PC NOT on your LAN.
> In http.conf I have this:
> Listen *:82
>
> So my question is, why is this happening? I'm not able to figure this out
> as there are no error logs anywhere to look at. Could it be that the web
> server is trying to route packets back out via the 10.0.0.x network instead?
> I remember before I added that second IP, it used to work.
Check output of /sbin/route -n
The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local).
Server itself should not have any other route on that interface.
I assume you are masquerading 10.0.0.x network, if you can access the
internet from that LAN. Maybe something is not quite right with your
iptables rules (is it configured to any IP into destination port 82?).
| |
| Shabam 2005-02-22, 2:46 am |
| > "type in" from where? What mfr/model router? Many routers do not do
> loopback (LAN2LAN via WAN IP). You should test it from an internet host,
> or dialup PPP from PC NOT on your LAN.
It's not working outside either. I've checked.
> Check output of /sbin/route -n
> The only route for 10.0.0.0 on server should have gateway 0.0.0.0 (local).
> Server itself should not have any other route on that interface.
>
> I assume you are masquerading 10.0.0.x network, if you can access the
> internet from that LAN. Maybe something is not quite right with your
> iptables rules (is it configured to any IP into destination port 82?).
The 10.0.0.x network is used purely for an internal server share, not for my
internet access. I use the 192.168.0.x network for that. Therefore there's
no masquerading going on in the 10.0.0.x network. IPTables has nothing to
do with the issue either.
Here's the output of route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
| |
| David Efflandt 2005-02-24, 5:51 pm |
| On Mon, 21 Feb 2005 21:02:10 -0800, Shabam <chalupa@yomama-nospam.com> wrote:
>
> It's not working outside either. I've checked.
If nothing is mentioned in your apache logs, it appears to not be reaching
that server. If you are sure that you properly forwarded port 82 in your
router to 192.168.0.10, and router logs do not mention unauthorized access
for that port, the only other thing I can think of is that there may be a
default firewall you are not aware of. Check output of:
iptables -L -n
|
|
|
|
|